Microsoft Malware Protection Center published a document on Battling the Zbot Threat, a special edition of the Security Intelligence Report. It is a very good document, worth looking at. This is the intro (to make you curious for more): This document provides an overview of the Win32/Zbot family of password-stealing trojans. The document examines the…
It kind of reminds me of someone â€“ but whom?
Well, basically this title attracted my attention: How to Do an Online Background Check for Free. I had to try it with myself. So I started, following the sites and suggestions in the article: I clicked on the first link and landed on 9 Sites That Find People and Their ‘Sensitive’ Information â€“ cool. Letâ€™s…
It is kind of a tradition that Scott Charney, our Corporate Vice President for Trustworthy Computing, is speaking at RSA. If you look back, he always showed the evolution of Trustworthy Computing and spoke about e.g. End to End Trust and other concepts we use to envision the future of the security ecosystem.Â This year,…
Jailbreaking is probably one of the biggest problems on phones â€“ mainly because it allows easy access to your secrets. Fraunhofer Institute in Germany showed just that:
Therefore, do not think that your iPhone is secure. Make sure you at least remote wipe the phone, when you lost itâ€¦
I am definitely looking forward to the collaboration Nokia/Microsoft and it seems to have gotten quite some chatter on the web. Interestingly, F-Secure looked into it as well: They looked at the app-model and the sandboxing technology in Windows Phone 7 and concluded (as we do as well) that malware on Windows Phone 7 is…
A fairly interesting thriller on the Internet. It just shows that we need better ways to collaborate between private and public sector and to hunt criminals: How one man tracked down Anonymousâ€”and paid a heavy price
Thatâ€™s obvious as people probably tend to want to trust more, the worse their situation is. Nevertheless it is even more disgusting going after the desperate!
Cybercrime: A Recession-Proof Growth Industry
I questioned the value of No-Fly lists since quite a while as I read all these story about how people get on the list but this is kind of the strangest story I ever heard. A UK Immigration officer put his own wife on the No-Fly list as he wanted her to stay in the US â€“ their marriage was kind of challenged.
The longer the more I see articles and posts that claim that security could actually improve if you migrate to the Cloud. And the longer the more I am a firm believer of these statements. It is not about forgetting best practices and just handing over everything to the Cloud provider. It is about adapting your practices to the new reality.
I often read two kinds of articles when it comes to ISPs and protecting privacy. In side asks for as much privacy as possible, the other one for transparency to fight cybercrime. What is our real goal? What is the role of ISPs in fighting crime? An interesting study by the OECD in comparison with an article I read today.
Blocking social media in companies seems to be fairly common; however I personally do not like it for different reasons. I would like you to open a debate and educate me. Tell me, why it is good or bad. Tell me, which risks you are looking at, when/if you do it.
The world got small, didn’t it? This afternoon I decided to leave home early and go to the mountains. However, I had some conference calls tonight, where we usually use Lync (successor of Communicator). So, as I do not have a fixed line there, I dialed in with my 3G card, which gave me enough…
There are some high-level indsutry trends, which tend to be ignored by security officers. The CIO Central published an article, which I would even go further looking at the trends raised.
I just read this blog post by ESET laboratories: Inside a phishing attack: 35 credit cards in 5 hours. They analyzed a very poorly designed phishing attack and found that: The first access to the site was on January 20 at 10:01 pm (as seen in picture). The latest registered access was on the same…
If you evern wondered, what our CISO thinks about security in the Cloud, you should listen to him directly.
Often, when governments look into Critical Infrastructure Protection, they start to build a CERT (Computer Emergency Response Team) or a CSIRT (Computer Security and Incident Response Team). The questions then always comes up: How do you do that? ENISA (European Network and Information Security Agency) just published a step-by-step guide on how to do this…
I blogged about my attendence at the above mentioned UNODC meeting. This is a short summary on how I preceived the meeting.
As attacks are moving up the stack, PDF becomes the number 1 exploited file type. Make sure you patch all your applications